The digital identity company Beyond Identity recently published a study that contains many surprises regarding password security and passwords. These are important information IT professionals and owners of small- or medium-sized businesses should know.
Although it's not an exact and scientific study, the survey results are quite surprising.
Here's a overview of the password study:
One in ten respondents felt confident they could guess the password of a coworker by looking through their social media accounts. Surprisingly, just half (50.1%) of the people surveyed share their passwords with other users of video streaming accounts.
Nearly half of those surveyed (44.9%) share their passwords for music streaming services. This is a bit concerning because more than one-fourth of the people surveyed (25.7%) shared their banking passwords.
Surprisingly, 22 percent of people try to guess the password of a coworker at least once. Nearly the same percentage (19.9%) attempt to guess their boss’ password.
39% of these attempts use personal information that the person trying to guess is familiar with. 18.4 percent of the times, the person trying to guess will also check out the social media pages of the other person and use that information to help them guess their password.
43.7% of these attempts are to hack into the target's email, while 32.6% are attempts to guess their phone passwords.
These statistics are as striking as they are informative. They can also be used to identify areas of weakness in your organization.
There are many easy ways to improve your password security, including two-factor authentication and strong app password generation. These are important steps to take because your passwords may not be as secure as you think.
Ficker Malware tricks people to get their passwords
Jiri Kropac is the Head of ESET's Threat Detection Laboratorys. She recently revealed a new malware campaign that you should be aware.
This one uses a different methodology. Hackers use social engineering techniques to lure people into downloading malicious files or clicking on suspicious links in emails.
However, hackers are boldly advertising and impersonating legitimate online stores like Spotify or Microsoft Store. One example of an ad campaign promotes a chess game and invites users to download it.
Clicking on the link will take you to a page in the Microsoft Store, which promises the software promised in the ad.
Anybody who clicks to install the chess software will find the FickerStealer Malware on their computer instead. This Trojan was released in January 2021 on Russian hacking forums. This malware was created to steal user data and allow you to take cryptocurrency from various supposedly secure wallets.
All the stolen data is compressed and periodically exfiltrated by hackers to a command-and-control server. Worse, the hackers who created this malware strain put it online in an attempt to gain customers. Their goal was to rent their code to anyone who would like to use it.
You can bet we'll hear a lot more about FickerStealer over the coming weeks and months as hackers take up the offer to deploy it in increasing numbers of campaigns.
This type of campaign can only be stopped by telling your users to not click on advertisements. Instead of clicking on ads to get an app or sign up for Spotify, ask them to type the URL manually.
Be sure to inform your employees about the new threat and keep them safe.
Are you sure your data is secure from malware and outside hackers? Are you employees using safe practices with emails and passwords? If you have any doubts, give Integrated Technology Systems a call 212-750-5420. We will do an assessment of your systems to ensure your data is safe.
